Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Eleonore Exploit Kit Bag Full of Not-So Goodies

Researchers recently discovered that the latest Internet Explorer zero-day, detailed here by eWEEK, had made its way into the Eleonore exploit kit.
But most of the vulnerabilities the kit sets its sights on are not zero-days; in fact, many have had patches available for a long time. Perhaps this shouldn't be

Researchers recently discovered that the latest Internet Explorer zero-day, detailed here by eWEEK, had made its way into the Eleonore exploit kit.

But most of the vulnerabilities the kit sets its sights on are not zero-days; in fact, many have had patches available for a long time. Perhaps this shouldn't be too surprising, as attackers often reach for low-hanging fruit, and targeting unpatched systems is easier than discovering new vulnerabilities and developing exploits. Still, according to Symantec, many of the bugs exploited by Eleonore go back years.

"Of note is that these vulnerabilities have been patched for quite some time," said Tirth Sanyal, senior manager with Symantec Security Response. "However, their existence in such popular kits is testimony to the fact that there are enough users out there who aren't patching various applications regularly and highlights the need for increased awareness around proper patching procedures."

Eleonore is one of a handful of very popular exploit kits available in the cyber-underground. Others include kits like Fragus, Blackhole and Phoenix. Data from the end of 2009 from Symantec put the cost of the kit at $1,000, Sanyal said.

"There are many such exploit kits available on the underground economy, but very few of them are widely used," the researcher said. "Eleonore is one of these exceptions."